NRC cybersecurity hole remediation needs work, says audit firm

Remediation of cybersecurity vulnerabilities continues to remain a problem at the Nuclear Regulatory Commission, says a recently released annual audit of agency systems conducted under the Federal Information Security Management Act.

The annual audit, done under contract to the NRC inspector general by Bethesda, Md.-based Richard S. Carson & Associates, finds that NRC plans of action and milestones for the remediation of cyber vulnerabilities often remain open past their due date and that agency staff sometimes declare the vulnerabilities to be resolved without sufficient evidence.